Patch Package: OTP 22.2.5 Git Tag: OTP-22.2.5 Date: 2020-02-03 Trouble Report Id: OTP-16358, OTP-16436, OTP-16441 Seq num: ERL-1152 System: OTP Release: 22 Application: erts-10.6.3, stdlib-3.11.2 Predecessor: OTP 22.2.4 Check out the git tag OTP-22.2.5, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. --------------------------------------------------------------------- --- erts-10.6.3 ----------------------------------------------------- --------------------------------------------------------------------- Note! The erts-10.6.3 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, also the following runtime dependency has to be satisfied: -- kernel-6.5.1 (first satisfied in OTP 22.2) --- Fixed Bugs and Malfunctions --- OTP-16436 Application(s): erts Related Id(s): ERL-1152 A process could end up in a state where it got endlessly rescheduled without making any progress. This occurred when a system task, such as check of process code (part of a code purge), was scheduled on a high priority process trying to execute on a dirty scheduler. --- Improvements and New Features --- OTP-16358 Application(s): erts Improved signal handling for processes executing dirty. For example, avoid busy wait in dirty signal handler process when process is doing garbage collection on dirty scheduler. Full runtime dependencies of erts-10.6.3: kernel-6.5.1, sasl-3.3, stdlib-3.5 --------------------------------------------------------------------- --- stdlib-3.11.2 --------------------------------------------------- --------------------------------------------------------------------- Note! The stdlib-3.11.2 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, also the following runtime dependency has to be satisfied: -- erts-10.6.2 (first satisfied in OTP 22.2.2) --- Fixed Bugs and Malfunctions --- OTP-16441 Application(s): stdlib A directory traversal vulnerability has been eliminated in erl_tar. erl_tar will now refuse to extract symlinks that points outside the targeted extraction directory and will return {error,{Path,unsafe_symlink}}. (Thanks to Eric Meadows-Jönsson for the bug report and for suggesting a fix.) Full runtime dependencies of stdlib-3.11.2: compiler-5.0, crypto-3.3, erts-10.6.2, kernel-6.0, sasl-3.0 --------------------------------------------------------------------- --------------------------------------------------------------------- ---------------------------------------------------------------------